In this article
May 25, 2026
May 25, 2026

MCP Night 4 demo recap: AgentCard — one-time cards for agent payments

Karen Serfaty, founder of AgentCard, showed how agents can buy things with one-time cards at MCP Night 4. Here's a recap of the lightning demo.

At MCP Night 4 on May 21, AgentCard founder Karen Serfaty demoed a workflow where an agent issues one-time cards over MCP and uses them to complete a real purchase. The demo paid for an OpenAI subscription end-to-end from the terminal.

Zack Proser
May 25, 2026
Explore with AI
Open in ChatGPT
Open in Claude
Open in Perplexity

MCP Night 4 demo recap: AgentCard — "don't give your agent your credit card"

Handing your agent a credit card is a bad idea. That was the opening premise of Karen Serfaty's lightning demo at MCP Night 4 on May 21, where the founder of AgentCard walked the room through a workflow most of us have been quietly avoiding: actually letting an agent spend money. AgentCard's pitch is simple — give the agent a one-time card instead of your real one, scoped to a single amount, destroyed after a single use.

The demo: one-time cards over MCP

AgentCard ships an interface that both humans and agents can use to issue one-time cards. The cards are designed to be safe to share with an LLM and easy to spin up on demand. The product is live on the AgentCard website.

The Flow in Action

Karen ran the demo from her Open Code / Claude terminal with her AgentCard account and MCP server already connected. The command was deliberately boring: create a card.

That command hits AgentCard's MCP server, which asks back for a limit. Karen picked $1. The flow then paused for human approval.

IMAGE: A clean left-to-right flow with three nodes — a small terminal-shaped node on the left in soft white, a center hexagonal node tinted teal representing a server, and a card-shaped rounded rectangle on the right with a subtle one-way arrow looping back to a small destruction motif. Thin 1.5px connector arrows. Dark background.

Why the approval step matters

The approval prompt isn't just a formality. The flow can be kicked off by the human or by the agent directly, so before any card actually gets minted, a human has to say yes. Karen approved, and the card was created and rendered in the terminal.

She then ran show me the card — which also requires explicit approval before the digits appear. She joked that since the event wasn't being livestreamed, the audience could feel free to steal the number if they wanted. It didn't matter. The card is one-time use.

One-Time Means One-Time

This is the part that makes the whole model work. The card is destroyed after the first use, so it's safe to share with Open Code, Claude, or whatever LLM is driving the agent. If the model sees the card in its context window, fine — there's nothing left to charge against once the transaction clears.

That inverts the usual threat model for agent payments. Instead of trying to keep credentials away from the LLM, you assume the LLM will see them and make the credentials worthless after a single charge.

Buying an OpenAI Subscription, Live

The second half of the demo was the part everyone wanted to see: actually buying something. Karen pointed the agent at an OpenAI subscription checkout page.

Her MCP setup includes a tool that recognizes URLs and can complete transactions on them. The tool reads the amount due directly off the screen and creates a one-time card for exactly that amount. In this case, $8.

IMAGE: A browser-shaped rectangle on the right side of the frame with a subtle cursor dot mid-motion, connected by a thin teal arrow to a card-shaped node on the left. A small lock motif sits between them. Dark background, minimal, no text.

Authorization, Then Checkout

One more approval prompt — this time for the $8 charge — and the agent took over the browser. The cursor moved through the checkout flow and completed the purchase live in front of the room. Live demos in the cloud are hard, and Karen acknowledged as much on stage, but the transaction went through.

What this pattern enables

The shape of the demo matters more than the specific purchase. AgentCard is sketching out a primitive that's been missing from the agent stack:

  • A spending instrument that can be issued programmatically over MCP
  • A human-in-the-loop checkpoint that works whether the human or the agent initiated the flow
  • A credential that's safe to expose to an LLM because it self-destructs after one use

Combine those and "let my agent buy this for me" stops being a security nightmare.

Try It

Karen closed by inviting the audience — the people building the tools for the future, as she put it — to create an account and try buying things with their own agents. The product is available now on AgentCard's website.

The Signal

Agent payments have been one of those obviously-needed primitives that nobody wanted to ship because the failure modes are loud and expensive. You don't want to wake up to a Twitter thread about an autonomous agent draining a corporate card. AgentCard's answer — scope the card to one transaction, require human approval at issuance, and let the LLM see the number because it won't be valid after the charge clears — is the kind of pragmatic constraint that makes the whole category shippable.

The MCP Night 4 demo showed it working end-to-end, from create a card in the terminal to a completed checkout in the browser, within the lightning demo slot. That's the bar for new agent infrastructure right now: show me it works, show me it's safe, and show me how to install it. AgentCard hit all three.

We’re hiring

Our global team is growing and we’re hiring all types of roles.

View open roles
About us

WorkOS builds developer tools for quickly adding enterprise features to applications.

Learn more